Information Technology Policy

January 2001

---

Contents

1. Introduction
2. Access to Information Technology Services and Facilities 
3. Use of the Information Technology Services and Facilities 
4. The Information Technology Policy Making Process 
5. Responsibility for Information Technology 
6. Procurement of Hardware and Software 
7. Telecommunications 
8. University of Canberra Online 
9. Legislation and Rules and Regulations
10. Standards
11. Archives – Electronic Records
12. Site Licensing
13. Responsibility for Training in Information Technology Skills
14. Achieving Self-Sufficiency in Information Technology Management
15. Security
16. Monitoring and Privacy 
17. Service Agreements 
18. Outsourcing 
19. Disaster Management and Contingency Planning 
20. Information Technology Documentation 
21. Table 1 - University of Canberra Community

1. Introduction

1.1 This Information Technology Policy documents the decisions made by the University about the management of its information technology and its user environment and identifies some external legislation and policies impacting on the University’s information technology service.

1.2 Information technology is defined as:

"The application of technology in computers and communication systems to the storage, processing and transmission of information with the objective of improving communication in the workplace and the efficiency and effectiveness of human endeavour."

1.3 This Information Technology Policy is designed to support the enhancement of a quality learning environment and to improve productivity and efficiency in teaching, research and administration.

1.4 The policy aims to support and maintain the cost efficiency of operation and currency of means in the University's use of information technology to achieve its strategic directions.

1.5 The policy covers all Campus Units that have as their governing authority the University Council. Campus Units include Divisions, Schools, Centres, Units and student organisations.

1.6 The University community includes staff and students, Convocation, a range of external institutions and the ACT community. See Table 1 - University of Canberra Community.

1.7 The policy should be read, in conjunction with the Guidelines for the Management of Information Technology by Campus Units and with the University's Information Policy.

1.8 University staff and students are expected to report suspected breaches of Commonwealth or ACT laws and University regulations, policies and protocols, and any unacceptable behaviour which occurs at the University or by a person acting in his/her capacity as a member of the University. Reports should be directed to the Executive Director of the Corporate Services Division and will be treated in a confidential and responsible manner. Reports will be referred to the appropriate University authority for investigation or referred to the appropriate external agency.

The University will protect the interests of any staff member or student reporting a suspected breach in good faith and in a responsible way.

2. Access to Information Technology Services and Facilities

2.1 Access to the Information Technology services and facilities of the University is governed by, amongst others, the:

• Australian Vice-Chancellor’s Committee. (AVCC)
  Revised policy on allowed access to AARNet (Provision of Coverage Services).
  (Endorsed by AVCC on 10 March 1998)

• University of Canberra. Network Access Policy.
• Telecommunications Act 1997 (Cth)
  Determination under section 51(1) made by the Minister and dated 12 January 1998.

2.2 The responsibilities and obligations of users accessing and using the Information Technology services of the University and the legislation, rules and regulations, guidelines and policies governing such access and use are summarised in:

- University of Canberra. Network access and use – responsibilities and obligations

2.3 The following categories of people are permitted access to the Internet under the provisions of legislation, AVCC policies and policies and guidelines of the University:

• Students of the University;
• Staff of the University;
• Associated individuals (visiting fellows, honorary research associates);
• Campus based students and student associations (but not trade unions); and
• Participants in Co-operative Research Centres and other collaborative bodies such as the Australian Maths Trust and Faculty-based research centres.

Categories specifically excluded from use include:

• Members of Alumni associations;
• Vendors and commercial clients of the University;
• Members of the community and all others not included above.

2.4 The University endeavours to provide enrolled students with access to hardware and software to support formal classwork and self-directed learning within the resources available and appropriate to their needs. The University encourages students to purchase their own personal computers. The Client Services Division is responsible for documenting and circulating guidelines to assist students to purchase appropriate equipment and configure it as required.

2.5 Students have access to the University network from:

• Division and Computer Centre labs to which students have authorised access for the purposes of their studies;
• From rooms in student residences (Network connection provided for a fee. This fee covers the capital cost of the connection and line rental, but not traffic);
• From home via an ISP (Fee-based service);
• From some terminals in the Library; and
• Dial-in access is available through an external ISP with costs borne by the student. Students may use any ISP.

E-mail access is available for each student and each student is provided with a University e-mail address. Authorised University information and notices may be sent to this address. In some cases notices are only sent to this address (eg many Library notices). Students can arrange for e-mails to their student address to be forwarded to other addresses through their student e-mail.

2.6 The University provides students with on-campus access to the network up to a specified level at no charge. This "free" allocation is normally adequate to satisfy the information needs of University courses. Students have the option of paying for additional access and Divisions may fund additional access to meet the needs of specific courses.

Charges are not made for:

- access to library databases
- traffic within the University; and
- traffic to the Australian National University, ADFA and AVCC.

(Refer to the statement ‘Internet Access Allocation for Students’ on the University of Canberra Online for details.)

2.7 The University provides its staff with appropriate hardware and software to perform their duties.

2.8 The University provides on-campus access to the University network for staff subject to the conditions detailed in this statement.

Dial-in access is available through an external Internet Service Provider (ISP). Staff may use any ISP. In the case of University staff who believe they require dial-in access to satisfy their University employment conditions, the cost of such access is borne by the University. In this case all access must be through the University-preferred ISP. University-funded access must be approved by the Pro Vice-Chancellor or Executive Director of the Division and is limited to a specific number of hours. (Refer Staff Notice 98/16 – Dial-in access to the University’s network from outside the campus).

Staff required to provide dial-in maintenance for the University’s network or corporate systems have access through the University’s own restricted dial-in service.

3. Use of the Information Technology Services and Facilities

3.1 Use of the network is governed by, amongst others, the:

• Telecommunications Act 1997 (Cth) - Determination under section 51(1) made by the Minister and dated 12 January 1998

• Australian Vice-Chancellors’ Committee (AVCC)
  Revised policy on allowed access to AARNet
  (Provision of Coverage Services)
  (Endorsed by the AVCC on 10 March 1993)

3.2 The responsibilities and obligations of users accessing and using the Information Technology services of the University and the legislation, rules and regulations, guidelines and policies governing such access and use are summarised in:

- University of Canberra
Network access and use – responsibilities and obligations.

3.3 The network service is provided for staff and students of the University to undertake their duties and studies related to the operations and mission of the University.

Use is restricted to the teaching, research and administrative business of the University and individuals can only use the Internet in the performance of tasks and responsibilities related to their own official positions at the University. The network must not be used for personal purposes or for personal gain.

Non-University commercial entities on campus, such as bookshops and pharmacies, are not permitted to use the University’s network to gain access to the Internet.

4. The Information Technology Policy Making Process

4.1 The primary advisory bodies in the University on information technology policies are the Client Services Division and the Corporate Systems Standing Committee.

4.2 The Client Services Division plays a leadership role in:

4.2.1 drafting strategic plans for information services and appropriate infrastructure;

4.2.2 drafting general information policies for improving the accessibility of information for the University community;

4.2.3 drafting general information policies for improving the distribution of information for the University community;

4.2.4 drafting consistency in information policy throughout the University;

4.2.5 drafting general information technology policies for the management of the University's information technology, its access and use;

4.2.6 drafting standards and guidelines for information technology and the collection and dissemination of information across the campus;

The Division consults widely in the drafting and review of policies. Policies are endorsed by the Vice-Chancellor’s Advisory Committee and may first be referred through the Corporate Systems Standing Committee if appropriate.

4.2.7 minimising the financial costs of providing information by all levels of the University and in particular encouraging consistent standards for data and open systems.

4.3 The Client Services Division collaborates with Campus Units in:

4.3.1 developing plans, strategies and policies for a campus information environment that take account of the information needs of all Campus Units, the context of open systems, the Australian Academic Research Network (AARNet) and the Internet, and the opportunities for a balance between centralised and decentralised approaches to information, its access, generation, dissemination and management.

4.3.2 investigating the feasibility of the rationalisation of systems and facilities to reduce administrative duplication and enable simpler access by the University community;

4.3.3 encouraging the use of standardised formats, as appropriate, to enable easy information transfer.

4.4 The Corporate Systems Standing Committee consists of the Executive Directors of the Divisions, or their nominees, and two Pro-Vice-Chancellors of the Divisions, or their nominees, determined by the Vice-Chancellor’s Advisory Committee.

4.4.1 The Standing Committee’s role is to define corporate responsibility, undertake systems and risk analyses and, act as a forum for negotiation and identification of corporate information priorities.

4.4.2 The Technical Reference Group is a sub-group of the Committee. It provides technical advice on information technology issues to the Committee and other University groups to ensure proposed policies and proposals are compatible with the University’s infrastructure requirements and technically achievable and supportable within identified resources.

5. Responsibility for Information Technology

5.1 The University has devolved responsibilities and funding for information technology, resulting in a mix of centralised responsibility and also responsibility vested in each of the Campus Units.

5.2 The Client Services Division is responsible for planning, developing, integrating, maintaining and securing the following infrastructure which is not specific to the needs of any one Campus Unit and is for the general use of the University community. This includes:

• the campus backbone network;
• the University's corporate information systems supporting student records, finance, human resources, physical resources, research and consulting, library systems, University of Canberra Online and databases of scholarly information;
• the University's switchboard;
• the audiovisual equipment, computing equipment and communications equipment in Category A teaching spaces;
• the computer laboratories in the Computer Centre which supplement Academic Division laboratories and support general use by students. The laboratories support a basic suite of software. Software required by specific units may be installed in the laboratories but must be funded and supported by the Academic Division concerned and must be technically compatible with the existing software and hardware configurations in the laboratories and not compromise the Client Services Division’s efforts to support general student access to laboratory facilities.

5.3 Campus Units are responsible for the planning and management of information technology that they acquire and maintain to support activities that are specific to their needs and compatible with the University's strategic directions. Examples of Campus Unit responsibilities include:

• Academic Division laboratories;
• analytical equipment;
• geographic information systems;
• satellite dishes;
• computer workstations in Divisions;
• special data storage requirements to support course units;
• specific software to support the teaching of unit;
• facsimile and imaging equipment;
• photocopiers.

In this way there is no masterplan for the control of information technology. Divisions and Student Organisations are expected to consider how services will be designed and implemented at their level. Access to such facilities needs to be negotiated with the appropriate Campus Unit.

5.4 Where Campus Units need to share information technology to meet their collaborative ventures (for example, team teaching by several Academic Divisions), the planning and management of information technology may be facilitated by the Client Services Division playing a co-ordinating role.

5.5 The Corporate Services Division is responsible for the Disability Equipment Budget which includes adaptive computer equipment and other equipment that enables students with disabilities to undertake their studies in accordance with the Disabilities Discrimination Act.

5.6 The University requires that for each Campus Unit a staff member is designated as a Network Manager, (the individual may be the Network Manager for more than one Campus Unit). That person is responsible for the Information Technology owned by the Campus Unit and is the official contact between the Campus Unit and the Client Services Division for Information Technology related matters.

6. Procurement of Hardware and Software

6.1 Procurement decisions should be made with the knowledge of the University's strategic directions and within the standards outlined in Guidelines for the Management of Information Technology by Campus Units.

6.2 Information technology should be upgraded and/or replaced on a three year cycle to avoid obsolescence.

6.3 Compatibility with the campus network and other equipment must be taken into account when making purchases.

6.4 In the procurement of hardware and software, Campus Units should factor in all costs of a purchase including training, appropriate ergonomic furniture and ongoing maintenance.

6.5 All Information Technology acquired by a Campus Unit should be registered as an asset on the University's assets register maintained by the Corporate Services Division if required under the appropriate assets policy in force at the time.

7. Telecommunications

7.1 Telecommunications in the form of telephones, facsimile machines and data modems are a vital part of the University’s operation and are likely to remain a primary, accepted and cost-effective means of communication for the foreseeable future. The primary purpose of the University’s telecommunications infrastructure is to facilitate teaching, research and learning at the University and the provision of administrative, student and staff support services and information and communication services.

7.2 The acquisition, operation and maintenance of the University telecommunications service is governed by the University’s Telephone Access Policy. (Endorsed by Vice-Chancellor’s Advisory Committee in 1997). The University’s policy on data communication, including modems and dial-in access, is detailed in the Network Access Policy.

7.3 The Telephone Access Policy covers the acquisition, operation and maintenance of the telephone service provided through the University’s PABX, facsimile machines, mobile phones and other telecommunications equipment that is either directly connected to the University’s PABX switching equipment or utilises a telephone carrier service for its connectivity. The PABX system comprises the central PABX and subsidiary PABXs.

7.4 The Client Services Division is responsible for the support of the telephone network, often through external contractors and supplier.

7.5 The Telephone Access Policy covers:

• Provision of basic PABX service;
• Minimum telephone facilities for staff;
• Enhanced telephone facilities for staff;
• Facsimile access;
• Services for commercial operations on campus;
• Provision of public and emergency phones;
• Telephone services in the Student Residences; and
• Purchase of equipment and charges to the telecommunications infrastructure.

8. University of Canberra Online

8.1 University of Canberra Online, previously known as the Campus Wide Information Service (CWIS), is a collection of electronic menus, information and publications in a variety of formats which can be accessed through a web of pages and pointers collected under the University of Canberra Home page. These pages may be of academic, administrative or personal nature related to the University of Canberra.

University of Canberra Online is a repository of information intended to assist University of Canberra staff and students in their work and study at the University. It is also the electronic face of the University to the outside world and a gateway to other information systems on and off campus.

8.2 Full details of the responsibilities for University of Canberra Online are included in the University’s Information Policy.

In summary, the Client Services Division is responsible for the management of University of Canberra Online, establishing the technical infrastructure for its operation, for editorial leadership and ensuring the maintenance of editorial quality, and developing and maintaining editorial and publishing guidelines. The Corporate Services Division is responsible for the overall design of the site and ensuring corporate marketing information and documentation is available on University of Canberra Online. Campus Units are responsible for ensuring information relating to their unit is available on University of Canberra Online and for ensuring the information is current, comprehensive and accessible in an effective manner.

9. Legislation and Rules and Regulations

9.1 Access and use of the Information Technology service and facilities are governed by a number of legislative instruments (ie Acts) and Rules and regulations of the University or other bodies.

9.2 For legislation and rules governing access and use refer paras 2 and 3 of this policy.

9.3 Other legislation and rules applying include:

• Crimes Act 1914 (Cth)

• The University’s network must not be used to harass, abuse or otherwise seek to offend other users;

• The University’s network must not be used to access, store or transfer illegal material, such as child pornography;
• Users must not destroy, erase, alter or add to any information on the network unless they are the author/owner/custodian of the information with the right and responsibility to ensure the currency and completeness of the information.

• Copyright Act 1968 (Cth)

• Users of the University network must respect the rights of copyright owners protected under the Copyright Act 1968 (Cth). Users must not copy material on the network or make material available through the network in breach of the Act. As a general guide no more than ten per cent of a copyright item should be copied or stored.

• The University has produced a guide to copyright, which is designed to set out the rights and responsibilities of University staff and students in relation to copyright in the University. The guide provides details of the protections offered by copyright, the circumstances when copying is permitted and how copyright impacts on the work of the University.

The Guide to copyright - Your rights and responsibilities is included on University of Canberra Online.

Penalties, including fines and jail, apply for offences committed under these Acts.

9.4 Access and use of University’s information technology services and facilities are also governed by the University’s Computer Services Centre Rules 1993. Offences are created under these rules, the Regulation of Student Conduct Rules 1992 and other legal instruments covering staff and students.

10. Standards

The University supports standards in hardware and software with the aim of maximising cost effectiveness, meeting user needs, achieving connectivity, and ensuring ongoing support. See Guidelines for the Management of Information Technology by Campus Units for a list of current standards.

11. Archives – Electronic Records

Staff must ensure that records related to the business of the University are retained and retrievable. University staff have responsibilities under a range of legislation related to records, information and data:

• Archives
• Freedom of Information
• Administrative appeals processes, especially records relating to decisions.

Records may also be required to be produced during the ‘discovery’ process of legal proceedings or in courts of law.

The University's Records and Archives Policy contains details of the requirements relating to the retention and organisation of records.

12. Site Licensing

The University encourages site licensing of software in order to make cost savings and for effectiveness in delivery and use of software. Particular consideration will be given to software that can be distributed to students. Campus Units should discuss plans for site licences with the Client Services Division to ensure a co-ordinated approach is achieved.

13. Responsibility for Training in Information Technology Skills

13.1 Each Campus Unit is responsible for identifying the information skills and related information technology skills needed by their staff and students. Each Campus Unit is also responsible for planning the appropriate training programs and awareness programs for their staff and students. Each Campus Unit may decide to use their own staff as trainers, send their staff and students to general courses offered gratis by other Campus Units, pay other Campus units to run customised training programs or arrange for external contractors to organise training programs. The University recognises the need for a co-ordinated approach to training.

13.2 The Client Services Division is responsible for providing training sessions for staff and students in the use of the services provided by the Division. These include:

• Basic awareness of the personal computing network at the University including using a mouse and keyboard, inserting a floppy disk, using a back-up storage device and basic file management techniques
• E-mail
• Use of printing facilities
• Use of scanners and colour printers
• Use of Internet and University of Canberra Online
• Publishing on University of Canberra Online (for staff)
• Accessing electronic databases
• Using library catalogues.

The Division also provides SmartForce, a self-paced online training package, for University staff and students (available for PCs only).  Courses available include basic IT concepts, Internet skills and Microsoft Office applications. Details on how to logon to SmartForce are available at http://www.canberra.edu.au/cc/online_training.html

14. Achieving Self-Sufficiency in Information Technology Management

The University encourages each Campus Unit to develop a staff profile with the skills appropriate to manage Information Technology within a networked tertiary environment (see Guidelines for the Management of Information Technology by Campus Units).

15. Security

15.1 Campus Units are required to take adequate precautions to prevent or discourage theft of equipment and to minimise any attempts to gain unauthorised access to computer systems. All breaches of security should be reported.

Theft should be reported to the Security Manager, Property Unit. Cases of unauthorised access to computer systems should be reported to the Executive Director, Client Services Division.

15.2 Every unit connected to the campus network must run TCP/IP suite of protocols and be correctly registered with an Internet address and a world registered name. The responsibility for assignment of the "world registered" Internet address and its associated name rests with the Client Services Division.

15.3 Specific security issues are discussed in the Guidelines for the Management of Information Technology by Campus Units.

16. Monitoring and Privacy

The University monitors traffic on the network and specific network services. It monitors:

• usage of caches, both by files accessed and by network addresses accessing the caches and may correlate addresses accessed with files;
• use of the news server, both by accesses to newsgroups and by network address accessing the server and may correlate particular newsgroups to particular network addresses; and
• electronic mail traffic through University servers, recording source and destination addresses of messages, but not message content.

The University also logs items such as access to secured rooms and buildings by ID card, logins to UNIX servers and failure/security reports on all systems. The logs obtained by these monitoring operations are used by the University’s technical staff, principally for capacity planning, performance measurement and accounting.

The University respects the rights of staff and students using the network for valid University purposes. However, where there is abuse, or suspected abuse, of the network or network services and facilities, the University has the right to inspect individual University-owned machines and servers, along with all files, messages and logs contained on those machines and servers, and make whatever correlation is required to investigate such abuse or suspected abuse.

By connecting to private machine to the University’s network a user has acknowledged that they will be bound by the University’s conditions of use of Information Technology services, including this statement. By so doing the user acknowledges that the network traffic generated by the private machine is generated in pursuit of University business only. While that traffic is transversing the University’s network, it is subject to the same right of inspection as traffic originating from University-owned machines and servers.

The authority to inspect the machines, servers and files resides with the Executive Director, Pro Vice-Chancellor or other manager who is responsible for the network.

17. Service Agreements

Campus Units offering installation, maintenance and repair services for software and hardware on a fee basis should negotiate service agreements with other Campus Units using their services.

18. Outsourcing

The options available to the University for the development of its services and systems, their installation and maintenance include:

• inhouse development;
• purchase of commercially available services and products;
• collaborative development with other universities and organisations.

Decisions are made on a case-by-case basis using cost-benefit analysis and links to the University's strategic plans.

19. Disaster Management and Contingency Planning

All Campus Units should have plans in place for coping with major system failures of mission critical proportions where loss of information would threaten the integrity of the Campus Unit.

20 Information Technology Documentation

The suite of documents governing the use and access to the University’s information technology services and facilities include, but is not restricted to, the following:

Legislation

• Crimes Act 1914 (commonwealth)
• Telecommunications Act 1997 (Commonwealth)
• Copyright Act 1968 (commonwealth)
• Freedom of Information Act 1989 (Australian Capital Territory)

External

• Australian Vice Chancellors’ Committee Revised Policy on Allowed Access to AARNet (Provision of carriage Services)

University of Canberra

• University of Canberra Network Access Policy
• Network Access and Use – Responsibilities and Obligations
• University of Canberra Telephone Access Policy
• Dial-in Access to the University’s Network from Outside the Campus (University of Canberra Staff Notice 98/16)
• University of Canberra Information Technology Policy
• Guidelines for the management of information technology by campus units
• University of Canberra Information Policy
• Guide to Copyright - Your Rights and Responsibilities
• University of Canberra Policy on Intellectual Property
• Library Rules 1993 (University of Canberra)
• Computer Services Centre Rules 1993 (University of Canberra)
• Regulation of Student Conduct Rules 1992 (University of Canberra)
• User notes on a variety of subjects produced by the Client Services Division.9

Information Technology Policy - History

• First published May 1995 - Developed by the Information and Communication Services Committee (Meeting 95/2)
      - Endorsed by Academic Board (Meeting 95/3)
      - Endorsed by Council (Meeting - May 1995)
• Reviewed and revised - Information and Communication Services Committee (meeting 98/5)
• Reviewed and revised - Client Services Division (2000)
      - Noted by Vice-Chancellor's Advisory Committee (Meeting - 01/01, 23 January 2001)

---

© University of Canberra

Content Custodian:Gregory Jones
Data Custodian:Dianne Hounsell
Last updated: 20/12/02 16:25